Lancom Systems LCOS 3.50 Server User Manual


 
Chapter 8: Firewall LANCOM Reference Manual LCOS 3.50
FROM: LANCOM_Firewall@MyCompany.com
TO: Administrator@MyCompany.com
SUBJECT: packet filtered
Date: 9/24/2002 15:06:46
The packet below
Src: 10.0.0.37:4353 {cs2} Dst: 192.168.200.10:80 {ntserver} (TCP)
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@...z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P.w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
matched this filter rule: BLOCKHTTP
and exceeded this limit: more than 0 packets transmitted or received on a connection
because of this the actions below were performed:
drop
block source address for 1 minutes
send syslog message
send SNMP trap
send email to administrator
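Added example, not part of the LANCOM manual: a small Python decoder for the packet dump in the notification e-mail above, so the quoted bytes can be checked against the Src/Dst line when triaging such an alert. The function names are chosen here for illustration, and the dump is copied from the e-mail with its wrapped ASCII column re-joined.

```python
import ipaddress
import struct

# Dump from the notification e-mail on this page ("hex bytes | ASCII" per line).
SAMPLE_DUMP = """\
45 00 00 2c ed 50 40 00 80 06 7a a3 0a 00 00 25 | E..,.P@...z....%
c0 a8 c8 0a 11 01 00 50 00 77 5e d4 00 00 00 00 | .......P.w^.....
60 02 20 00 74 b2 00 00 02 04 05 b4 | `. .t... ....
"""
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upwards


def dump_to_bytes(dump: str) -> bytes:
    """Keep the hex column of each 'hex | ascii' line; skip wrapped ASCII lines."""
    rows = [ln.split("|", 1)[0] for ln in dump.splitlines() if "|" in ln]
    return bytes.fromhex(" ".join(rows))


def ipv4_checksum_ok(header: bytes) -> bool:
    """The one's-complement sum over a valid header folds to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode_packet(raw: bytes) -> dict:
    """Decode the IPv4 header and, for TCP, the ports and flags."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("malformed or truncated IPv4 header")
    info = {
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(ipaddress.IPv4Address(raw[16:20])),
        "proto": raw[9],
        "complete": len(raw) >= struct.unpack("!H", raw[2:4])[0],
        "checksum_ok": ipv4_checksum_ok(raw[:ihl]),
    }
    if raw[9] == 6 and len(raw) >= ihl + 14:  # protocol 6 = TCP
        sport, dport = struct.unpack("!HH", raw[ihl:ihl + 4])
        info.update(sport=sport, dport=dport, flags=[
            n for i, n in enumerate(TCP_FLAGS) if raw[ihl + 13] >> i & 1])
    return info


if __name__ == "__main__":
    print(decode_packet(dump_to_bytes(SAMPLE_DUMP)))
```

For the e-mail above, the decoded packet is a TCP SYN from 10.0.0.37:4353 to 192.168.200.10:80 with a valid IPv4 header checksum, which agrees with the Src/Dst line.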
Notification by SNMP trap
If sending SNMP traps is activated as a notification method (see also
’Configuration using SNMP’ page 20), the first line of the logging
table is sent as enterprise-specific trap 26. This trap additionally contains
the system descriptor and the system name from MIB-2.
For the example above, the following trap is produced:
SNMP: SNMPv1; community = public; SNMPv1 Trap; Length = 443 (0x1BB)
SNMP: Message type = SNMPv1
SNMP: Version = 1 (0x0)
SNMP: Community = public
SNMP: PDU type = SNMPv1 Trap
SNMP: Enterprise = 1.3.6.1.4.1.2356.400.1.6021
SNMP: Agent IP address = 10.0.0.43